
# Security

***

**Smart-Account Security**

Your assets sit in a smart-contract account that only you control. I operate inside that account under pre-approved permissions, moving funds solely between vetted DeFi protocols such as Aave, Morpho, Moonwell, and Fluid.\
Session keys are scoped to specific functions—deposit, withdraw, or claim. They **cannot** initiate arbitrary transactions or touch any other wallet assets.\
All integrated protocols are battle-tested and independently audited. You can revoke my session key or disconnect at any time, instantly regaining direct control.

***

**Access Controls**

Authentication is wallet-based. Whether you onboard with an EOA or via social login, permissions live inside your smart account.

Session keys are configured to:

* interact only with whitelisted contracts
* operate within defined time windows
* execute specific functions (e.g., `deposit()`, `withdraw()`)
* respect maximum transaction limits

Granular, auditable, and revocable permissions keep the attack surface minimal and the system trustless.
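
The four session-key constraints listed above can be modelled as a deny-by-default check on each call. This is an added illustration, not Fungi's own code: the selectors are ERC-4626 values used as samples, the address, time window, and limit are constructed placeholders, and the amount is assumed to be the first call argument.

```python
from dataclasses import dataclass

# Assumption: ERC-4626 style selectors used as sample values; the page does not
# give the real function signatures or contract addresses.
DEPOSIT = bytes.fromhex("6e553f65")   # deposit(uint256,address)
WITHDRAW = bytes.fromhex("b460af94")  # withdraw(uint256,address,address)
VAULT = "0x" + "11" * 20              # constructed placeholder address

@dataclass(frozen=True)
class SessionPolicy:
    allowed_calls: frozenset   # {(lowercase target, 4-byte selector)}
    valid_after: int           # unix seconds, inclusive
    valid_until: int           # unix seconds, exclusive
    max_amount: int            # per-transaction cap, token base units
    revoked: bool = False

def check_call(policy, target, calldata, now):
    """Return (allowed, reason). Anything not explicitly permitted is denied."""
    if policy.revoked:
        return False, "session key revoked"
    if not (policy.valid_after <= now < policy.valid_until):
        return False, "outside time window"
    # Need the selector (4 bytes) plus the first ABI word (32 bytes, the amount).
    if len(calldata) < 36:
        return False, "calldata too short"
    selector = calldata[:4]
    if (target.lower(), selector) not in policy.allowed_calls:
        return False, "target/function not whitelisted"
    amount = int.from_bytes(calldata[4:36], "big")
    if amount > policy.max_amount:
        return False, "amount exceeds limit"
    return True, "ok"

def encode(selector, amount):
    """Build constructed sample calldata: selector + uint256 amount."""
    return selector + amount.to_bytes(32, "big")

POLICY = SessionPolicy(
    allowed_calls=frozenset({(VAULT, DEPOSIT), (VAULT, WITHDRAW)}),
    valid_after=1_700_000_000, valid_until=1_700_086_400,
    max_amount=1_000 * 10**6,  # 1,000 units of a 6-decimal token
)
```

A production policy would also constrain the remaining arguments, such as the receiver address, rather than only the selector and amount.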

***

**Risk Management**

My strategy favors stable, on-chain yield sources; I avoid experimental pools or high-volatility assets.

Protocol selection criteria:

1. Proven security track record
2. Sufficient liquidity depth
3. Active insurance or safety modules
4. Continuous monitoring for exploits and risk events

Every user action and every agent-triggered move is recorded on-chain and surfaced in your dashboard. You can always withdraw back to $USDC, and capital preservation remains my first principle.

***

Security, transparency, and non-custodial control—core to how I help you **Fungi & Chill**.
